How To Make WordPress Comply with EU Cookie Directive

The EU Cookie Directive is amended privacy legislation designed to increase consumer protection. The EU Cookie Directive requires websites to obtain informed consent from visitors before they store information on a computer or any web connected device. This storage is mostly done by cookies, which can then be used for tracking visitors to a site. ~ EU Cookie Directive

In response, the UK updated the Privacy and Electronic Communications Regulation to incorporate the EU Cookie Directive in its mandates and UK businesses are expected to bring their websites into compliance. Here’s how we’ve sought to bring our own site into compliance; we hope our experience can serve as a useful guide to bringing your own business’s WordPress website into cookie compliance.

How the cookie crumbles

Types of EU Cookie Compliance

UK businesses should refer to the ICO (Information Commissioner’s Office) for full guidance on how to comply with the EU Cookie Directive. Essentially, visitors to your website must consent to your use of cookies. Consent can be implied or gathered explicitly, and the steps you should take to obtain it depend on the type of cookies your site uses. ‘Implied consent’ can be applied to:

those cookies that form an integral part of a website’s functionality, such as a shopping basket or user preferences

those cookies that are ‘strictly necessary’ for an operation requested by your user, such as moving from a product page to checkout

Businesses should pay special attention when cookies are used to collect sensitive personal information, such as data on a user’s health, or when third-party cookies are used for tracking or for integrating with third-party services. Common scenarios for third-party cookie use include:

cookies for tracking user behaviour such as Google Analytics

cookies for use with third-party social networks such as Facebook, Twitter, YouTube and so on

Getting Started: Make WordPress Comply with EU Cookie Directive

The ICO offers a useful PDF guide to cookie compliance. Businesses are free to implement their own strategies for compliance based on their particular use of cookies, and the guidance provides a variety of example implementations that businesses can work from. With reference to the ICO guidance, it took us 2 hours to bring our site into compliance, which we achieved by following these steps:

WordPress Cookie Compliance: Undertaking a Cookie Audit

We investigated the range of cookies used by our site. These fall into two categories, those that require explicit consent and those that are covered by implied consent:

WordPress’s non-tracking cookies which are fundamental to the operation of the website’s CMS software

third-party cookies from Google Analytics and social networks

Once we had clarified our understanding of the cookies used on our site, we were able to determine the best measures for complying with the Directive’s stipulation that users give ‘informed consent’ to our use of cookies.

Helping Users Give ‘Informed Consent’ to Cookies

We took 3 measures to help users give informed consent to our use of cookies:

make explicit that a user’s continued use of the site accepts our use of third-party cookies to enhance the site

While there are problematic and onerous aspects of the EU Cookie Directive, and some estimate that the UK Cookie Law could cost British businesses £10 billion, we hope that fellow SMEs using WordPress will find our steps to compliance a useful guide.

Need help to make WordPress comply with EU Cookie Directive? We can help. Get in touch!